CVE-2021-21447
MEDIUMSAP BusinessObjects BI 410, 420 - Authenticated Stored XSS in Input Control
Title source: llmDescription
SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored Cross-Site Scripting.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2965154
Scores
CVSS v3
5.4
EPSS
0.0026
EPSS Percentile
49.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
sap/businessobjects_business_intelligence
410
sap/businessobjects_business_intelligence
420
Published
Jan 12, 2021
Tracked Since
Feb 18, 2026